The SEI helps advance software engineering principles and practices and serves as a national resource in software engineering, computer security, and process improvement. The SEI works closely with defense and government organizations, industry, and academia to continually improve software-intensive systems. Its core purpose is to help organizations improve their software engineering capabilities and develop or acquire the right software, defect free, within budget and on time, every time.

Tactical Cloudlets: Future Research

The next quality attribute that we will focus on in our research is trust. Our current cloudlet implementation relies on the security provided by the network, that is, a mobile device is allowed to interact with a cloudlet according to network policies and permissions. This means that the cloudlet implementation is as secure as the network. While this may be acceptable in many domains, it is likely not enough for tactical environments.

A key aspect of cloudlets is that they are discoverable. The Cloudlet Client that is installed on a cloudlet-enabled mobile device uses Multicast DNS to query for cloudlets (set up as cloudlet services by the Discovery Service that runs on the cloudlet). Multicast DNS protocols are known to be insecure. However, securing the discovery process is not the problem because port scans or other probing methods can easily bypass discovery.

A potential starting point for embedding security in our cloudlet implementation is establishing that initial trust between mobile devices and cloudlets; that is

As a mobile device, is what I discovered really a "friendly" cloudlet?

As a cloudlet, did that offloading request really come from a "friendly" mobile device?

A common solution for establishing trust between two nodes is to use a third-party, online trusted authority that validates the credentials of the requester or a certificate repository. However, the characteristics of tactical edge environments do not consistently provide access to that third-party authority or certificate repository because they are DIL environments (disconnected, intermittent, limited).

Our future research will explore solutions for establishing trusted identities in disconnected environments. Even though the motivation comes from cloudlets, the goal is for the results to be applied to any form of trusted communication betwen two or more computing nodes. A review of related work shows that this is indeed a challenge and there are many relevant and interesting ideas but not very many specific solutions.

Return to the first page of Tactical Cloudlets: Moving Cloud Computing to the Edge.